# Zero-Tap Authentication Templates Zero-tap authentication templates allow your users to receive one-time passwords or codes via WhatsApp without having to leave your application. When a user in your app requests a password or code and you deliver it using a zero-tap authentication template, the WhatsApp client simply broadcasts the included password or code and your app can capture it immediately with a broadcast receiver. From the user's perspective, they request a password or code in your app and the code appears in your app automatically. If your app user happens to check the message in the WhatsApp client, they will only see a message displaying the default fixed text: *< code > is your verification code.* Like one-tap autofill button authentication templates, when the WhatsApp client receives the template message containing the user's password or code, Meta perform a series of eligibility checks. If the message fails this check and Meta is unable to broadcast the password or code, the message will display either a one-tap autofill button or a copy code button. For this reason, when you create a zero-tap authentication template, you must include a [one-tap autofill and copy code button](/docs/resources/authentication-messages.md#buttons) in your post body payload, even if the user may never see one of these buttons. {% hint style="warning" %} Zero-tap is only supported on Android. If you send a zero-tap authentication template to a WhatsApp user who is using a non-Android device, the WhatsApp client will display a copy code button instead. URLs, media, and emojis are not supported. {% endhint %} {% hint style="info" %} When using Zero-Tap authentication templates, you must also perform a handshake and use the App Signing Key Hash to integrate with your software. For this, please refer [to Meta's documentation.](https://developers.facebook.com/docs/whatsapp/business-management-api/authentication-templates/zero-tap-authentication-templates#app-signing-key-hash) {% endhint %} ## Best Practices * Do not make WhatsApp your default password/code delivery method. * Make it clear to your app users that the password or code will be automatically delivered to your app when they select WhatsApp for delivery. * Link to Meta article [About security codes that automatically fill on WhatsApp](https://faq.whatsapp.com/659113242716268/?fbclid=IwAR2hVQxhk4u71ePXhKMsznNGiFa2WTkuL5felrlfd5xMnto4pJ_JKTVGTWI) in the help center, to support users who are worried about auto-delivery of the password or code. * After the password/code is used in your app, make it clear to your app user that it was received successfully. Here are some examples that make it clear to an app user that their code will automatically appear in the app:
## Template Creation You can use the WABA API to create zero-tap authentication templates. Alternatively, you can also create it using WhatsApp Manager. Use the create template endpoint and assemble the authentication components in the request: The base-url should be `https://waba-v2.360dialog.io` `POST` `[base-url]/v1/configs/templates` The message template name field is limited to 512 characters. The message template content field is limited to 1024 characters. #### Headers | Name | Type | Description | | ------------ | ------ | ----------- | | D360-API-KEY | string | | #### Request Body | Name | Type | Description | | -------------------------------------------- | --------------- | ------------------------------------------------------------------------------------------------------------------------------------------ | | name\* | string | | | components\* | array\[objects] | Array of objects that describe the components that make up the template. | | category\* | string | Allowed values: **`AUTHENTICATION`** | | language\* | string | [View list of supported languages here.](https://developers.facebook.com/docs/whatsapp/api/messages/message-templates#supported-languages) | {% tabs %} {% tab title="200: OK " %} Upon success, the API will respond with a JSON object describing the newly created template. ```javascript { "id": "594425479261596", "status": "PENDING", "category": "AUTHENTICATION" } ``` {% endtab %} {% endtabs %} #### Post Body ```json { "name": "", "language": "", "category": "authentication", "message_send_ttl_seconds": , // Optional "components": [ { "type": "body", "add_security_recommendation": // Optional }, { "type": "footer", "code_expiration_minutes": // Optional }, { "type": "buttons", "buttons": [ { "type": "otp", "otp_type": "zero_tap", "text": "", // Optional "autofill_text": "", // Optional "package_name": "", "signature_hash": "", "zero_tap_terms_accepted": } ] } ] } ``` Note that in your template creation request the button type is designated as `otp`, but upon creation the button type will be set to `url`. You can confirm this by performing a GET request on a newly created authentication template and analyzing its components. #### Properties | Placeholder | Description | Example Value | | ---------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | |

\

String

|

Optional.


One-tap autofill button label text.


If omitted, the autofill text will default to a pre-set value, localized to the template's language. For example, Autofill for English (US).


Maximum 25 characters.

| `Autofill` | |

\

String

|

Optional.


Copy code button label text.


If the message fails the eligibility check and displays a copy code button, the button will use this text label.


If omitted, and the message fails the eligibility check and displays a copy code button, the text will default to a pre-set value localized to the template's language. For example, Copy Code for English (US).


Maximum 25 characters.

| `Copy Code` | |

\

Integer

|

Optional.


Indicates the number of minutes the password or code is valid.


If included, the code expiration warning and this value will be displayed in the delivered message. If the message fails the eligibility check and displays a one-tap autofill button, the button will be disabled in the delivered message the indicated number of minutes from when the message was sent.


If omitted, the code expiration warning will not be displayed in the delivered message. If the message fails the eligibility check and displays a one-tap autofill button, the button will be disabled 10 minutes from when the message was sent.


Minimum 1, maximum 90.

| `5` | |

\

String

|

Required.


Your Android app's package name.

| `com.example.luckyshrub` | |

\

Boolean

|

Optional.


Set to true if you want the template to include the fixed string, For your security, do not share this code. Set to false to exclude the string.

| `true` | |

\

String

|

Required.


Your app signing key hash. See App Signing Key Hash below.

| `K8a%2FAINcGX7` | |

\

String

|

Required.


Template language and locale code.

| `en_US` | |

\

String

|

Required.


Template name.


Maximum 512 characters.

| `zero_tap_auth_template` | |

\

Boolean

|

Required.


Set to true to indicate that you understand that your use of zero-tap authentication is subject to the WhatsApp Business Terms of Service, and that it's your responsibility to ensure your customers expect that the code will be automatically filled in on their behalf when they choose to receive the zero-tap code through WhatsApp.


If set to false, the template will not be created as you need to accept zero-tap terms before creating zero-tap enabled message templates.

| `true` | |

\

Integer

|

Optional.


Authentication message time-to-live value, in seconds. See Time-To-Live.

| `60` | #### Example Request ```json { "name": "zero_tap_auth_template", "language": "en_US", "category": "authentication", "message_send_ttl_seconds": 60, "components": [ { "type": "body", "add_security_recommendation": true }, { "type": "footer", "code_expiration_minutes": 5 }, { "type": "buttons", "buttons": [ { "type": "otp", "otp_type": "zero_tap", "text": "Copy Code", "autofill_text": "Autofill", "package_name": "com.example.luckyshrub", "signature_hash": "K8a%2FAINcGX7", "zero_tap_terms_accepted": true } ] } ] } ``` ## Sending Zero-Tap Authentication Template Messages See our[ Authentication Templates documentation](/docs/resources/authentication-messages.md) to learn how to send it to customers. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.360dialog.com/docs/resources/authentication-messages/zero-tap-authentication-templates.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.